Apache Subversion < 1.6.21 / 1.7.9 Remote Denial of Service Vulnerability

Medium

Synopsis

The remote host is running a version of Subversion's mod_dav_svn HTTPD server module that is vulnerable to denial of service.

Description

The remote host is running a vulnerable version of Subversion's mod_dav_svn Apache server module. This issue specifically regards excessive memory usage when a large number of properties are set or deleted on a node, and an attack would require the attacker to have write access to the repository.

Solution

Patches are available from the vendor; upgrade to version 1.6.21 / 1.7.9 or later.